Openmaize v2.0.0 Openmaize.OnetimePass
Module to handle one-time passwords for use in two factor authentication.
There is one option that needs to be set:
- db_module - the module that is used to query the database
  - in most cases, this will be generated by mix openmaize.gen.ectodb and will be called MyApp.OpenmaizeEcto
  - if you implement your own database module, it needs to implement the Openmaize.Database behaviour
There are also the following options for the one-time passwords:
HMAC-based one-time passwords
- token_length - the length of the one-time password
  - the default is 6
- last - the count when the one-time password was last used
  - this count needs to be stored server-side
- window - the number of future attempts allowed
  - the default is 3
Time-based one-time passwords
- token_length - the length of the one-time password
  - the default is 6
- interval_length - the length of each timed interval
  - the default is 30 (seconds)
- window - the number of attempts, before and after the current one, allowed
  - the default is 1 (1 interval before and 1 interval after)
  - you might need to increase this window to allow for clock skew on the server
See the documentation for the Comeonin.Otp module for more details about generating and verifying one-time passwords.
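The `last` and `window` options described above, as an added sketch written from RFC 4226 and RFC 6238; it is not code from Openmaize or Comeonin. The module and function names are hypothetical, and the exact HOTP range (last + 1 through last + 1 + window) is an assumption.

```elixir
defmodule OtpWindowSketch do
  # Added illustration (RFC 4226 / RFC 6238); not Openmaize or Comeonin code.
  # Module and function names are hypothetical. Needs OTP 22.1+ for :crypto.mac/4.
  import Bitwise

  # HOTP value for one counter: HMAC-SHA1, then RFC 4226 dynamic truncation.
  def hotp(secret, count, len \\ 6) do
    mac = :crypto.mac(:hmac, :sha, secret, <<count::64>>)
    <<_::binary-size(19), _::4, offset::4>> = mac
    <<_::binary-size(offset), _::1, code::31, _::binary>> = mac
    code |> rem(trunc(:math.pow(10, len))) |> Integer.to_string() |> String.pad_leading(len, "0")
  end

  # HOTP: only counters after `last` are tried, so a used token cannot be replayed.
  # Returns the matched counter (store it server-side as the new `last`) or false.
  # Assumption: the window covers last + 1 through last + 1 + window.
  def check_hotp(token, secret, last, window \\ 3) do
    Enum.find((last + 1)..(last + 1 + window), false, &token_ok?(token, secret, &1))
  end

  # TOTP: the counter is the current interval; `window` intervals on either
  # side are accepted to absorb clock skew. Returns the matched interval or false.
  def check_totp(token, secret, unix_time, interval \\ 30, window \\ 1) do
    now = div(unix_time, interval)
    Enum.find((now - window)..(now + window), false, &token_ok?(token, secret, &1))
  end

  defp token_ok?(token, secret, count), do: secure_eq(hotp(secret, count), token)

  # Constant-time comparison so timing does not reveal how many digits matched.
  defp secure_eq(a, b) when byte_size(a) == byte_size(b) do
    Enum.zip(:binary.bin_to_list(a), :binary.bin_to_list(b))
    |> Enum.reduce(0, fn {x, y}, acc -> bor(acc, bxor(x, y)) end) == 0
  end

  defp secure_eq(_, _), do: false
end

# Public test secret and tokens from RFC 4226 Appendix D (not real credentials).
secret = "12345678901234567890"
IO.inspect(OtpWindowSketch.check_hotp("969429", secret, 0))  # token for counter 3
IO.inspect(OtpWindowSketch.check_hotp("969429", secret, 3))  # same token after storing last = 3
IO.inspect(OtpWindowSketch.check_hotp("399871", secret, 0))  # token for counter 8
IO.inspect(OtpWindowSketch.check_totp("287082", secret, 59)) # token for interval 1, checked at t = 59 s
```

A larger window tolerates more counter drift or clock skew, but every extra counter or interval is one more value that will be accepted for a guessed token.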
Examples
Add the following line to your controller to call OnetimePass with the default values:
plug Openmaize.OnetimePass, [db_module: MyApp.OpenmaizeEcto] when action in [:login_twofa]
And to set the token length to 8 characters:
plug Openmaize.OnetimePass, [db_module: MyApp.OpenmaizeEcto, token_length: 8]
when action in [:login_twofa]
Summary
Functions
Handle the one-time password POST request.
If the one-time password check is successful, the user will be added to the session.